Economics of security

The economics of information security addresses the economic aspects of privacy and computer security. Economics of information security includes models of the strictly rational homo economicus as well as behavioral economics. Economics of security addresses individual and organizational decisions and behaviors with respect to security and privacy as market decisions.

Economics of security addresses a core question: why do agents choose technical risks when there exist technical solutions to mitigate security and privacy risks? Economics not only addresses this question, but also informs design decisions in security engineering.

Emergence of economics of security

National security is the canonical public good. The economic status of information security came to the intellectual fore around 2000. As is the case with innovations, it arose simultaneously in multiple venues.

In 2000, the scientists at the Computer Emergency Response Team at Carnegie Mellon University proposed an early mechanism for risk assessment. The Hierarchical Holographic Model provided the first multi-faceted evaluation tool to guide security investments using the science of risk. Since that time, CERT has developed a suite of systematic mechanisms for organizations to use in risk evaluations, depending on the size and expertise of the organization: [http://www.cert.org/octave OCTAVE]. The study of computer security as an investment in risk avoidance has become standard practice.

Also in 2000 at Harvard, Camp at the School of Government and Wolfram in the Department of Economics argued that security is not a public good but rather that each extant vulnerability has an associated negative externality value. Vulnerabilities were defined in this work as tradable goods. Six years later, [http://idefense.com/ iDEFENSE], [http://zerodayinitiative.com/ ZDI] and [http://www.mozilla.org/security/bug-bounty.html Mozilla] have extant markets for vulnerabilities. Vulnerabilities are also known as computer security exploits.

In 2001, Ross Anderson published [http://www.acsac.org/2001/papers/110.pdf Why Computer Security is Hard]. Anderson explained that a significant difficulty in optimal development of security technology is that incentives must be aligned with the technology to enable rational adoption. Thus, economic insights should be integrated into technical design. A security technology should enable the party at risk to invest to limit that risk. Otherwise, the designers are simply counting on altruism for adoption and diffusion.

Also in 2001, in an unrelated development, Larry Gordon and Marty Loeb published [http://old-www.rhsmith.umd.edu/accounting/mloeb A framework on using information security as a response to competitor analysis systems]. These professors of Maryland's Smith School of Business examined the strategic use of security information from a classical business perspective.

The authors came together to develop and expand a series of flagship events under the name Workshop on the Economics of Information Security.

Examples of findings in economics of security

Proof of work is a security technology designed to stop spam by altering the economics. An early paper in economics of information security argued that proof of work cannot work. In fact, the finding was that proof of work cannot work without price discrimination, as illustrated by a later paper, [http://weis2006.econinfosec.org/docs/50.pdf Proof of Work can Work].

Another finding, one that is critical to an understanding of current American data practices, is that the opposite of privacy is not, in economic terms, anonymity, but rather price discrimination. [http://citeseer.ist.psu.edu/odlyzko03privacy.html Privacy and price discrimination] was authored by Andrew Odlyzko and illustrates that what may appear as information pathology in collection of data is in fact rational organizational behavior.

Hal Varian presented three models of security using the metaphor of the height of walls around a town to show security as a normal good, public good, or good with externalities. [http://www.sims.berkeley.edu/resources/affiliates/workshops/econsecurity/econws/49.pdf Free riding] is the end result, in any case.

External links

* [http://infosecon.net/ Economics of Information Security] links to all the past workshops, with the corresponding papers, as well as current conferences and calls for papers.
* [http://www.geocities.com/amz Return on Information Security Investment] contains links, ROISI model diagrams, papers and a ROISI calculator.

Centers that study economics of security

* [http://www.heinz.cmu.edu/ Carnegie Mellon University Heinz School]
* [http://privacy.cs.cmu.edu/ Carnegie Mellon University Privacy Lab]
* [http://www.cl.cam.ac.uk/research/security/ Cambridge University Computer Science Laboratory]
* [http://informatics.indiana.edu/ Indiana University School of Informatics]
* [http://www.dtc.umn.edu/ University of Minnesota]
* [http://www.si.umich.edu/ University of Michigan School of Information]
* [http://www.eecs.harvard.edu/index/cs/cs_index.php Harvard University Division of Engineering and Applied Sciences]
* [http://www.thei3p.org/ Dartmouth hosts the I3P] which includes the Tuck School as well as the Computer Science Department in studying economics of information security.

Resources in economics of security

* Ross Anderson maintains the [http://www.cl.cam.ac.uk/~rja14/econsec.html Economics of Information Security] page.
* [http://www.heinz.cmu.edu/~acquisti Alessandro Acquisti] has the corresponding [http://www.heinz.cmu.edu/~acquisti/economics-privacy.html Economics of Privacy Resources] page.
* [http://infosecon.net/ Economics of Information Security] provides events, books, past workshops, and an annotated bibliography.


Wikimedia Foundation. 2010.
